The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...

XBOW tests Anthropic's Mythos Preview for offensive security

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

YouTuber PewDiePie Launches Free AI That Runs Privately On Your PC, Taking on Claude and ChatGPT

PewDiePie has released Odysseus, a free and open-source AI workspace that runs on a user’s own computer. The project is not a ...
Martin Cid Magazine

Chinese hackers spent 18 months inside Microsoft 365 before anyone noticed

A China-linked espionage group lived inside corporate cloud accounts for a year and a half by stealing trust instead of ...
International Business Times

Chinese Threat Group Hid Inside Microsoft 365 Networks for 18 Months Using Secret Malware Arsenal

Chinese hacking group UNC5221 secretly accessed Microsoft 365 environments for 18 months using Brickstorm, Plenet and AgentPSD malware, researchers found. Freepik A sophisticated Chinese ...
TechBooky

New Malware Deployed By Chinese APT To Retain Access To Hacked Systems

The Brickstorm backdoor and unidentified malware called Plenet and AgentPSD have been used by a Chinese espionage cell known ...
The Hacker News

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

VerdantBamboo used BRICKSTORM, PLENET, and AGENTPSD after an 18-month breach, enabling stealthy Linux appliance access.

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and ...
Security Boulevard

Attackers Worldwide are Zeroing In on React2Shell Vulnerability

Threat actors of all stripes are descending on the React2Shell maximum-severity vulnerability in React Server Components (RSC), with security researchers seeing a torrent of attacks that range from an ...
Dark Reading

How Malware Authors Are Incorporating LLMs to Evade Detection

Threat actors are testing malware that incorporates large language models (LLMs) to create malware that can evade detection by security tools. In an analysis published earlier this month, Google's ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...